Forrester's recent report, The State of Privacy and Cybersecurity, 2022, is aimed at tech executives and leaders formulating privacy and cybersecurity policies for the future. The report looks into current privacy and cybersecurity trends and provides recommendations to organizations. The data presented in the report is based on the results of two surveys:
The report addresses and provides recommendations for:
First, let's examine the recommendations for privacy leaders.
One of the main challenges privacy leaders face is fear. They fear that implementing privacy controls may lead to a lack of innovation, in turn affecting the employee or customer experience. There is a need for a change in perspective. Improvement in privacy controls, risk reporting, and better adherence to compliance should be looked at as a way to strengthen customer trust in the organization. Complying with data privacy regulations does not lead to a lack of innovation—it fosters a safer environment for creating cutting-edge user experiences. Over 31% of respondents cite a lack of adequate skills to execute this as a challenge, while 29% say it's due to prioritization of risks other than creating bad customer or employee experiences.
There is also a need to look at data privacy as something beyond a mandatory requirement for compliance reasons. This can begin with addressing it as a part of every department or business function in an organization. Every function generates or stores data, which means every function other than legal or compliance teams needs to develop privacy competencies as well. The survey results show that in terms of collaboration, privacy teams tend to work mostly with IT, security, legal, or data management teams; however, this is set to decrease in the future. For example, currently 67% of their collaboration is with IT teams, which is set to decrease to 42% in the next 12 months. This shows that, with time, privacy will soon become an integral part of every team.
These changes are often a reflection of how things work in the C-suite. Thirty percent of the CPOs that took Forrester's business privacy survey report to CISOs, who in turn report to CIOs. Privacy teams are often interlinked with IT teams for obvious reasons, but this hierarchy often showcases privacy as a pseudo C-level function. This can again affect the overall data privacy efforts of the organization.
Enabling a privacy-friendly environment is key to ensuring the vast amount of data being generated is handled and protected in the best way possible. Prioritizing it as a competency in every team is the way to go, but it's also important to execute this efficiently and quickly. The data pile is only getting larger and so is the attack surface of organizations' networks—and in turn, the probability of data breaches.
For instance, in the past 12 months, 65% of respondents experienced a data breach, with 29% of the attacks arising externally and 20% due to internal threats. The companies that experienced external attacks attribute them to the following reasons:
Which brings us to the next part of the report: cybersecurity.
Here's what the report recommends for cybersecurity executives.
Technological development is often seen as an indicator of growth, but it comes with its own set of challenges. Cybersecurity leaders struggle with finding a balance between leveraging emerging and existing technologies. Technologies like cloud computing are seeing fast adoption and executives are struggling to find ways to deal with the dynamic nature of threats that come with them. It doesn't come as a surprise that the complexity of the IT environment and changing nature of internal and external threats have been cited as major cybersecurity challenges by 31% and 32% of the executives that took the Forrester Analytics Business Technographics Security Survey.
Key cybersecurity decision-makers have hence prioritized altering their operational strategy, especially during cybersecurity emergencies like the Log4j vulnerability. They also cite their priorities as finding a different approach to attack detection and response, and figuring out how to secure the cloud while making maximum use of the cybersecurity features cloud platforms have to offer.
A few steps businesses could implement in their cybersecurity programs for the future to enhance cloud security include:
Data privacy in cloud environments should be prioritized as well. Along with this, tech execs are focused on finding solutions to long-persistent tactical issues like application cybersecurity or cybersecurity analytics.
To ensure smooth operational procedures, there is a need for interconnectivity between IT, cybersecurity, and other teams. According to the survey, while IT and cybersecurity functions work well with each other, only 15% of respondents said they collaborated with customer-facing functions like sales. Fortunately, due to the improving stance of CISO roles in the C-suite and the evolving nature of their functionalities, it's relatively easy to make this happen. One way is to have cybersecurity "champions" stationed in each of the customer-facing teams who ensure secure practices are followed during interactions.
Another could be investment in state-of-the-art cybersecurity tools, such as a UEBA tool. A UEBA tool can be used to track user behavior constantly, providing a way to detect suspicious activity and stop it before it leads to a bigger data breach.
CISOs, who currently either report to CIOs or play a secondary role at the C level, should continue to work with tech executives to bring forth better cybersecurity policies and measures.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.